The past few years have seen many advances in the security that can be applied to websites and their applications. However, not everyone takes advantage of what is available. The adoption of HTTPS, for example, is highly variable. Likewise the use of Content Security Policies (CSP) and security headers is not just variable but often implemented incorrectly.
We set out to understand how these security technologies were being applied across different industry sectors. The first paper in a series was published in June 2017. In this work we focussed on the adoption of HTTPS. Papers still under review will cover CSP and security headers.
The findings for TLS 1.2 were not entirely surprising as we found that the Computer and Business sectors are generally the strongest for adopting security. Less expected was that News and Sports are the weakest, with less than 1 in 10 of the Top 500 sites in the sector adopting TLS 1.2. Generally, the greater the scope for integrating content from a range of external sites, the least likely the site is going to support strong security, and thus are more likely to be open to vulnerabilities such as cross-site scripting. One might have expected the opposite.
In general the adoption is patchy but for TLS 1.2 it is encouraging that that later methods of key exchange prevail. It seems that the task ahead of us is to convince website operators to use TLS in the first place. The size of this task is disappointing given initiatives such as the OWASP Top 10 which has trumpeted for a long time now the top risks and how to avoid them.
For those interested in exploring the data we collected it has been made available here.
Further papers to follow.
Monday 5 June 2017
Wednesday 24 May 2017
Attribution Is Difficult - Consider All The Evidence
There have been several headlines in recent days suggesting that the attacks by the Wannacry malware in May 2017 has been "linked" to the North Korean regime.
Monday 8 May 2017
Ethical Hacking
The past few months have seen quite a bit of activity working on an old investigation for the Click programme at the BBC. Although a lot of work (so much more than we were able to show even in a half hour special) it was a really important message: ethical hacking matters.
I've had so many people ask how hacking can be stopped. My answer is that yiu need to focus on what you mean by "hacking". It has become a derogatory term to some but origuinally it meant those of us who liked taking things apart to find out how they worked. I really enjoy doing just that. However, you need to draw a distinction between ethical hacking (sometimes called white hat hacking) and cybercrime (black hat hacking).
Nobody, other than the criminals, wants black hat hackers operating on their systems. But, it doesn't take very long in the security world to realise that ethical hackers are the only people who are flagging up problems that the black hat hackers might exploit for nefarious purposes. Just like the Wild West, you need the white hats to stop the black hats.
I've had so many people ask how hacking can be stopped. My answer is that yiu need to focus on what you mean by "hacking". It has become a derogatory term to some but origuinally it meant those of us who liked taking things apart to find out how they worked. I really enjoy doing just that. However, you need to draw a distinction between ethical hacking (sometimes called white hat hacking) and cybercrime (black hat hacking).
Nobody, other than the criminals, wants black hat hackers operating on their systems. But, it doesn't take very long in the security world to realise that ethical hackers are the only people who are flagging up problems that the black hat hackers might exploit for nefarious purposes. Just like the Wild West, you need the white hats to stop the black hats.
Monday 3 October 2016
Is Quantum Computing The End of Public Key Encryption
I recently published a paper with Prof Bill Buchanan at Napier Edinburgh University on the treat posed by quantum computers to public key encryption. We've tried to put the threat in context - whilst it might pose a threat to currently popular schemes there are solutions.
I also did a talk open to the public where we introduced the subject of quantum computing and Shor's algorithm, followed by a demonstration from Prof Buchanan of some of the post quantum schemes we feel are most likely to succeed.
There is a great of misunderstanding about quantum computing, not least that it is somehow a universal speed up (a "quantum leap") in computing in general. As we explain in the paper, there is an inconvenient truth about quantum computing which means that it is spectacular at solving some problems, but it most assuredly is not a universally faster way of processing.
The subject is going to be of significant interest in coming years, and it was even addressed in this years Internet Organised Crime Threat Assessment from Europol (Appendix A). If you are involved in cyber security (and likely to remain so over the next few years) it is a subject worth developing an understanding of.
I also did a talk open to the public where we introduced the subject of quantum computing and Shor's algorithm, followed by a demonstration from Prof Buchanan of some of the post quantum schemes we feel are most likely to succeed.
There is a great of misunderstanding about quantum computing, not least that it is somehow a universal speed up (a "quantum leap") in computing in general. As we explain in the paper, there is an inconvenient truth about quantum computing which means that it is spectacular at solving some problems, but it most assuredly is not a universally faster way of processing.
The subject is going to be of significant interest in coming years, and it was even addressed in this years Internet Organised Crime Threat Assessment from Europol (Appendix A). If you are involved in cyber security (and likely to remain so over the next few years) it is a subject worth developing an understanding of.
Wednesday 13 July 2016
A New Form Of Anonymity
I've talked before about how Tor can protect your anonymity on the Internet only if you use it in the right way. However, how users interact with Tor is not the only possible source of a loss of anonymity. As far back as 2014 the Tor project was looking for "Bad Onions".
As Tor is a system run by volunteers it is possible for people to set up malicious relays. It has been used by researchers trawling for hidden services but it has become clear that the numbers of "spoiled onions" is rather higher than might be explained by purely academic research. Whether it's criminals or governments is irrelevant: what it shows is that Tor is potentially susceptible to people setting up malicious relays (including exit nodes) to unmask users.
Whilst the Tor project is taking steps to root out these spoilers it is also become apparent recently that Tor is vulnerable to attacks such as Sybil attack. The Tor project are obviously aware and so not surprisingly they are looking into how all of these potential vulnerabilities can be countered to protect users anonymity.
As Tor is a system run by volunteers it is possible for people to set up malicious relays. It has been used by researchers trawling for hidden services but it has become clear that the numbers of "spoiled onions" is rather higher than might be explained by purely academic research. Whether it's criminals or governments is irrelevant: what it shows is that Tor is potentially susceptible to people setting up malicious relays (including exit nodes) to unmask users.
Whilst the Tor project is taking steps to root out these spoilers it is also become apparent recently that Tor is vulnerable to attacks such as Sybil attack. The Tor project are obviously aware and so not surprisingly they are looking into how all of these potential vulnerabilities can be countered to protect users anonymity.
Monday 11 July 2016
Post Quantum Crypto Goes Mainstream?
Although people such as me have been talking about the threat to public key cryptography from quantum computers for years, and the alternatives that could be used, it seems that when Google announced that they were experimenting with a post quantum crypto scheme in Chrome it caught people's imagination. Perhaps this marks the beginning of post quantum crypto entering the mainstream?
The scheme chosen by Google is the New Hope scheme. It was proposed in a research paper relatively recently, although there have been two other papers that have appeared in conferences such as Crypto 2016 are also worth reading as they support the original work:
The scheme chosen by Google is the New Hope scheme. It was proposed in a research paper relatively recently, although there have been two other papers that have appeared in conferences such as Crypto 2016 are also worth reading as they support the original work:
both of which I've covered before in this blog as I did for another paper which is important in this work Frodo: Take off the ring! Practical, Quantum-Secure Key Exchange from LWE
Friday 8 July 2016
Is Malware Changing How It Hides Its Comms?
It might sound a bit obvious, but in order for malware to capitalise on its ill-gotten gains it has to communicate with its criminal masters. That very act of phoning home can give away the presence of the malware, and once you know its there you can trace where "home" is. Not surprising then that malware developers began using encryption (often simple SSL) to obscure their communications amongst the mass of other data that flows on and off any networked system.
Encrypting malware communications has never been entirely successful as the data still presents patterns that can be singled out (more on this in some upcoming research we are due to publish). We have seen attempts to determine how TLS is being used by malware already. Plus organisation like SANS have provided advice for some time on how to spot subverted SSL/TLS traffic. However, it does make it a great deal more difficult to spot and thence locate malware based on network traffic analysis.
Encrypting malware communications has never been entirely successful as the data still presents patterns that can be singled out (more on this in some upcoming research we are due to publish). We have seen attempts to determine how TLS is being used by malware already. Plus organisation like SANS have provided advice for some time on how to spot subverted SSL/TLS traffic. However, it does make it a great deal more difficult to spot and thence locate malware based on network traffic analysis.
Wednesday 8 June 2016
Bulk Key Recovery on the Cloud
Cloud computing has many advantages so it's not surprising that it has become so popular with the even the biggest online services using cloud providers for their infrastructure. However, many in security have pointed out that the "cloud" could perhaps also be termed "somebody else's computer", which immediately rings alarm bells from a security perspective. Hidden in there is a fact that has been troubling researchers for some years: cloud computing means shared computing so you are using the same hardware as others running their systems.
Back in 2009 researchers began publishing work that seemed to show that it was possible for data to "leak" from one system to another when using shared hardware. Papers such as these particularly highlighted the dangers of shared cache memory. Side channel attacks were described in papers such as "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds" that showed just how data could be exfiltrated from a system by an attacking systems that was co-resident on the same hardware.
Back in 2009 researchers began publishing work that seemed to show that it was possible for data to "leak" from one system to another when using shared hardware. Papers such as these particularly highlighted the dangers of shared cache memory. Side channel attacks were described in papers such as "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds" that showed just how data could be exfiltrated from a system by an attacking systems that was co-resident on the same hardware.
Monday 23 May 2016
Physical Access To A System Matters For Security
At Christmas I wrote a piece for the BBC based upon Scott Culp's 10 immutable laws of computer security. My assertion was that the laws are as valid today as they were all those years ago. However, many have commented to me that rule 3, which reads " If a bad guy has unrestricted physical access to your computer, it's not your computer anymore", is no longer true due to the use of encryption on disks. I think recent research suggests my assertion is true.
I wrote recently about work that had been published showing how encryption keys could be recovered from laptops using relatively cheap antenna and standard equipment. The technique works through walls no less. Then in the last week I've seen two other papers which are focussing down even further on side channel attacks based on various forms of differential analysis of physical characteristics one can measure in the circuitry of otherwise secure devices.
I wrote recently about work that had been published showing how encryption keys could be recovered from laptops using relatively cheap antenna and standard equipment. The technique works through walls no less. Then in the last week I've seen two other papers which are focussing down even further on side channel attacks based on various forms of differential analysis of physical characteristics one can measure in the circuitry of otherwise secure devices.
Monday 16 May 2016
Preventing Selfish Mining In The Blockchain
The principle of the blockchain is that a "miner" is rewarded for being the first to solve a mathematical problem. If you're new to Bitcoin I suggest you spend some time watching this video. One of problems with the principle is that it assumes everyone who solves the problem first, actually provides the block that they have in order to continue to build the blockchain. If a node in the network acts "selfishly" (ie it withholds the block) it can delay transactions and/or waste computing power elsewhere in the network. It has been an open question as to how one prevents this.
Simply delaying a transaction or making the network work harder wouldn't seem to be much of an attack but it matters for several reasons:
Simply delaying a transaction or making the network work harder wouldn't seem to be much of an attack but it matters for several reasons:
- The blockchain already has a relatively slow update frequency and so if it is to compete with other transaction systems it has to be sure of being as fast as it can be, and free from possible malicious slowing effects.
- The problem in the protocol is designed to become progressively harder to solve as time progresses so anything that adds to the computational power required in the network can only make it less economically for people to act as miners.
- If someone can disrupt your financial transaction engine, albeit just a delay, it will erode trust in the robustness of the system.
Wednesday 11 May 2016
Is Bitcoin Vulnerable On Asynchornous Networks?
Forget all the hubbub about who Satoshi Nakamoto is in person(s), something much more interesting has come up this week: a possible attack on the principle behind the technology underlying Bitcoin.
Nakamoto's blockchain is intended to enable consensus to be reached in a permissionless setting.
Although anyone can join or leave the protocol, the protocol should prevent “sybil attacks”. To do this it relies upon solving a computational puzzles: the so called proof of work. However, the assumption behind proving that this is sufficient to prevent attacks has always been that the network on which it operates is synchronous, something that is not quite true in the real world. Likewise possible attacks have typically made the same assumption, such as those analysed by Yonatan Sompolinsky and Aviv Zohar.
Not surprising then that I was interested when a paper was published entitled Analysis of the Blockchain Protocol in Asynchronous Network. Thankfully for all the Bitcoin fans it shows a degree of robustness in networks with limited delays, but outside of certain bounds it also demonstrates a simple attack which shows that the proof of work needs to be made harder.
Nakamoto's blockchain is intended to enable consensus to be reached in a permissionless setting.
Although anyone can join or leave the protocol, the protocol should prevent “sybil attacks”. To do this it relies upon solving a computational puzzles: the so called proof of work. However, the assumption behind proving that this is sufficient to prevent attacks has always been that the network on which it operates is synchronous, something that is not quite true in the real world. Likewise possible attacks have typically made the same assumption, such as those analysed by Yonatan Sompolinsky and Aviv Zohar.
Not surprising then that I was interested when a paper was published entitled Analysis of the Blockchain Protocol in Asynchronous Network. Thankfully for all the Bitcoin fans it shows a degree of robustness in networks with limited delays, but outside of certain bounds it also demonstrates a simple attack which shows that the proof of work needs to be made harder.
Monday 9 May 2016
Post Quantum Crypto Scheme Demo Online
Following on from a number of post apocalyptic articles I'd read as to how quantum computers would spell the end of security on the web, I wrote back in March about how there are many candidates for public key encryption systems that appear to be resistant to quantum attacks, specifically Shor's algorithm. One of the candidates I listed was from McEliece.
The original paper in 1978 was only two pages long:
The original paper in 1978 was only two pages long:
Friday 6 May 2016
Tor Hidden Services - A Minor Situation Update
I wrote a month ago about how the number of Tor's .onion sites seemed to have settled down following the extraordinary variations we saw in the previous month. The point I made then was that although the number of .onion sites had stabilised, it was still 50% higher than just before the period of dramatic variations. I also made the point that the volume of traffic to these hidden sites had effectively halved despite the 50% increase in the number of sites.
As expected when I wrote that previous blog, these figures have continued and the situation is indeed currently stable. Here are the figures to prove it:
Thursday 5 May 2016
Is Quantum Encryption Provably Secure
Much research is required on how you "prove" that quantum encryption schemes are secure. Cryptographers have developed many ways of proving that new schemes are secure. If you attend a cryptography course it won't be long before you are introduced to the concept of semantic security and the ubiquitous "game" where you an attack attempts to use plain text and cipher text to break the scheme.
Before proceeding it worth a very brief detour to clear up a common misunderstanding: the threat from quantum computers to public key encryption is not the same as quantum encryption. For an introduction to early quantum encryption (quantum key distribution) you can start here. Also "post quantum encryption" is simply those schemes being developed that are resistant to the threat posed by quantum computers.
The concept of semantic security first emerged in 1982. It is a bit cumbersome which is why it was shown only two years later (by the same researchers) that semantic security was essentially the same as another concept called "ciphertext indistinguishability". It is a simple but powerful concept where an attacker cannot distinguish between two separate ciphertexts to determine which contains each of two messages. This is a much more intuitive means by which the adversary game can be run and it is considered a fundamental requirement if an encryption scheme is to be considered provably secure.
Before proceeding it worth a very brief detour to clear up a common misunderstanding: the threat from quantum computers to public key encryption is not the same as quantum encryption. For an introduction to early quantum encryption (quantum key distribution) you can start here. Also "post quantum encryption" is simply those schemes being developed that are resistant to the threat posed by quantum computers.
The concept of semantic security first emerged in 1982. It is a bit cumbersome which is why it was shown only two years later (by the same researchers) that semantic security was essentially the same as another concept called "ciphertext indistinguishability". It is a simple but powerful concept where an attacker cannot distinguish between two separate ciphertexts to determine which contains each of two messages. This is a much more intuitive means by which the adversary game can be run and it is considered a fundamental requirement if an encryption scheme is to be considered provably secure.
Friday 22 April 2016
Cost Of Attacking Elliptic Curves Is Dropping
Field Programmable Gate Arrays (FPGA) are proving to be very useful in mounting attacks against modern cryptographic schemes. By allowing fast computation of discrete logarithms researchers have shown that elliptic curves are coming into range of vulnerability.
A paper now out in the public domain, has demonstrated how to accelerate these computations. Entitled "Faster discrete logarithms on FPGAs" the acceleration was sufficient to be used in an attack against the SECG standard curve sect113r2. But before you panic this was removed from the standard in 2010 although it was not disabled in OpenSSL until June 2015. Although you shouldn't panic, neither should you relax, and you certainly shouldn't ignore this research.
Whilst this latest implementation has set a new record for various parts of the computation it is not necessarily that which will draw attention. What is important is the way they have been able to use fewer Look Up Tables (LUT). This reduces the cost not just of this attack but also holds the promise of significantly reduced cost for mounting attacks against larger curves.
A paper now out in the public domain, has demonstrated how to accelerate these computations. Entitled "Faster discrete logarithms on FPGAs" the acceleration was sufficient to be used in an attack against the SECG standard curve sect113r2. But before you panic this was removed from the standard in 2010 although it was not disabled in OpenSSL until June 2015. Although you shouldn't panic, neither should you relax, and you certainly shouldn't ignore this research.
Whilst this latest implementation has set a new record for various parts of the computation it is not necessarily that which will draw attention. What is important is the way they have been able to use fewer Look Up Tables (LUT). This reduces the cost not just of this attack but also holds the promise of significantly reduced cost for mounting attacks against larger curves.
Wednesday 20 April 2016
Is Artificial Intelligence The Answer Security Data Overload?
At last week's IEEE Conference on Big Data Security a paper was presented which may herald a new direction in dealing with the ever more complex cyber security landscape. It shows how Artificial Intelligence could be used to spot cyber attacks.
The paper was entitled "AI2 : Training a big data machine to defend".
It starts from a position of recognising that you do need a human analyst in the loop. However, it attempts to show how those charged with defending against the ever increasing volumes of attacks can avoid suffering information overload by using machine learning to spot those activities which need further investigation.
For those who don't want to read the paper there is a nice video to go with it:
The paper was entitled "AI2 : Training a big data machine to defend".
It starts from a position of recognising that you do need a human analyst in the loop. However, it attempts to show how those charged with defending against the ever increasing volumes of attacks can avoid suffering information overload by using machine learning to spot those activities which need further investigation.
For those who don't want to read the paper there is a nice video to go with it:
Wednesday 13 April 2016
OpenSSL Has A Chink To Be Aware Of
The accurate generation of random numbers (or more particularly pseudo random numbers) is central to much in computer security. Problems with random number generation are often found to be the cause of vulnerabilities, usually because someone has taken a short cut or used a source that they consider to be random when it's not. I was a little surprised to then see a paper that documents some problems with the random number generator (RNG) in OpenSSL.
OpenSSL is one of the most widely used libraries in computer security. It has had some problems in the past (such as Heartbleed) which were not only major concerns because of the nature of the problem but also because OpenSSL is used in many systems, particularly embedded systems that are hard to update. It's free software and open source so people have used it because they felt it was great if you were building a system to a low price whilst offering apparent security through the visibility of the code. Heartbleed taught everyone that open source does not equal scrutinised code.
The paper I read this week was entitled "An Analysis of OpenSSL’s Random Number Generator". The analysis revealed some issues.
OpenSSL is one of the most widely used libraries in computer security. It has had some problems in the past (such as Heartbleed) which were not only major concerns because of the nature of the problem but also because OpenSSL is used in many systems, particularly embedded systems that are hard to update. It's free software and open source so people have used it because they felt it was great if you were building a system to a low price whilst offering apparent security through the visibility of the code. Heartbleed taught everyone that open source does not equal scrutinised code.
The paper I read this week was entitled "An Analysis of OpenSSL’s Random Number Generator". The analysis revealed some issues.
Tuesday 12 April 2016
Who Is Tor Really For?
I have been trying to rationalise several apparently contradictory surveys of the "Dark Web" that have been published recently. Some suggest the vast majority of Tor is being used for illicit purposes, others suggest a much smaller figure. So what is the truth?
I wrote several weeks ago on research done by Kings College, London, which appeared to show that just over 50% of hidden services were being used for illicit purposes. I wasn't surprised then to read a report from Intelliagg using the facilities from Darksum, which suggests that slightly less than 50% of such sites were involved in activities that would be considered illegal in the UK or US. Such a small variation in results could easily be a result of differences in definitions of illicit behaviour, those sites that were available during each survey, and so on.
The search engine used by Darksum does appear to be highly credible. I haven't had a chance to use it but it claims to use the same technology that DARPA used in their MEMEX programme, which was probably the best such search two years ago. I'm minded to take the results produced by this search as accurate. However, there are a couple of caveats one needs to apply to the results, exactly as with the results from Kings College.
I wrote several weeks ago on research done by Kings College, London, which appeared to show that just over 50% of hidden services were being used for illicit purposes. I wasn't surprised then to read a report from Intelliagg using the facilities from Darksum, which suggests that slightly less than 50% of such sites were involved in activities that would be considered illegal in the UK or US. Such a small variation in results could easily be a result of differences in definitions of illicit behaviour, those sites that were available during each survey, and so on.
The search engine used by Darksum does appear to be highly credible. I haven't had a chance to use it but it claims to use the same technology that DARPA used in their MEMEX programme, which was probably the best such search two years ago. I'm minded to take the results produced by this search as accurate. However, there are a couple of caveats one needs to apply to the results, exactly as with the results from Kings College.
Saturday 9 April 2016
No Honour Among Thieves (or Assassins)
The use of blockchain technology has increasingly focussed on uses other than cryptocurrencies. One challenge being addressed is how do you deal with someone who you don't know, may never have met, and yet with whom you wish to exchange cryptocurrency for goods and services, especially as the transaction is ostensibly anonymous on both sides. Well, the answer, many feel, is in the form of Smart Contracts, which can be supported by the blockchain itself.
However, as with so much in technology, smart contracts have a darker side. A paper that popped up this week gives a very good summary and analysis of various scenarios in which smart contracts could be used between criminals. The scenarios include everything up to an including hiring an assassin: how can you be sure that the assassin will do the job if you pay him or vice versa how can the assassin be sure of being paid if he kills the poor victim.
The paper, entitled "The Ring of Gyges: Investigating the Future of Criminal Smart Contracts" explores some ideas I had never thought of, but which are quite fascinating. The types of criminal contract demonstrated in the paper are:
However, as with so much in technology, smart contracts have a darker side. A paper that popped up this week gives a very good summary and analysis of various scenarios in which smart contracts could be used between criminals. The scenarios include everything up to an including hiring an assassin: how can you be sure that the assassin will do the job if you pay him or vice versa how can the assassin be sure of being paid if he kills the poor victim.
The paper, entitled "The Ring of Gyges: Investigating the Future of Criminal Smart Contracts" explores some ideas I had never thought of, but which are quite fascinating. The types of criminal contract demonstrated in the paper are:
Friday 8 April 2016
Tor Continues To Confound
Tor is, yet again, producing some data that seems to defy explanation. Having talked a lot about how the number of unique .onion addresses has varied in recent weeks (and was apparently settling down) another metric has suddenly shown a dramatic change. The amount of data being reported as using the hidden services has plummeted (and I use that word deliberately).
The immediate thought was that there had been another sudden drop in the number of unique .onion addresses and hence the "dark web" had contracted for some reason. However, the data shows that the number of unique .onion sites remains stable as I was expecting when I wrote about the "new normal":
Subscribe to:
Posts (Atom)